On Tue, Jul 13, 2021 at 11:34:28AM +0200, Radek wrote:
> Hello,
> I'm going to build a router with +40 vlans.
> I need to block access from every vlan to each other (and then enable traffic
> between certain vlans as needed).
>
> How can I do this? Is there any one liner pf block rule to do this?

Not really but you can try:

    block out on vlan received-on vlan

It really matters in how you want to build your filters (outbound or inbound
filtering). Maybe it is better to just start with a block all rule and slowly
allow traffic back. You can use interface groups and pf tags to help with
rule writing.

--
:wq Claudio
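
A pf.conf sketch of the default-deny approach suggested in the reply, combining the "vlan" interface group with a pf tag. This is an added example, not part of the original thread; the vlan numbers (vlan10 as an office network, vlan20 as a server network), the OFFICE tag name and the ports are assumptions, and uplink/NAT rules are left out.

```pf
# Constructed example: vlan10 = office, vlan20 = servers.
# On OpenBSD every vlan(4) interface belongs to the "vlan" interface group,
# so one rule "on vlan" covers all 40+ interfaces.

set skip on lo

# Default deny. pf evaluates rules top to bottom and the LAST matching
# rule wins (no "quick" is used here), so the pass rules below override this.
block log all

# Tag packets as they arrive so outbound rules can refer to their origin
# without repeating interface names or address ranges.
match in on vlan10 tag OFFICE

# Inbound filtering is kept permissive: hosts on any vlan may send packets
# to the router. The policy decision is made on the way out.
pass in on vlan

# The one-liner from the reply. Already implied by "block log all",
# kept to make the inter-vlan policy explicit: a packet that came in on
# any vlan may not leave on any vlan...
block out on vlan received-on vlan

# ...except for the flows listed after it. Replies are handled by the
# state these pass rules create, so no reverse rule is needed.
pass out on vlan20 proto tcp to port { 22 443 } tagged OFFICE
```

The ruleset can be syntax-checked without loading it using `pfctl -nf` on the file.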